Welcome!

Welcome to the official BlackBerry Support Community Forums.

This is your resource to discuss support topics with your peers, and learn from each other.

inside custom component

BlackBerry® Enterprise Service 10

Reply
Contributor
johnnyuk
Posts: 18
Registered: ‎02-03-2013
My Device: Z10, PlayBook 64GB, Curve 9380

Design flaw in BES10 BDS 6.2 when activating in a multi-AD Forest environment using ActiveSync Email Profiles

Placing a BDS 6.2 server in the same Forest/Domain as Exchange in an environment where the Exchange organisation is in a different AD Forest to the AD user accounts that are linked to the mailboxes does not appear to be a configuration that has been well tested in terms of Email Profiles for the ActiveSync configuration during device activation.

 

The BDS defaults to only using the Domain name of the Domain where the mailbox resides in its user configuration. This causes a problem during activation when the user is prompted to supply their password for their Work mailbox during the ActiveSync setup. The BDS activation does NOT ask for the password for the user account  normally used to access the mailbox, the one in the user account Forest. Instead BDS asks for the password for their disabled user account in the Domain where the mailbox resides in Exchange. This is because BDS has configured the ActiveSync account on the device to use the Domain where the mailbox resides in Exchange. The disabled user accounts in the Domain that Exchange resides in must remain disabled when using linked mailboxes as enabling them can cause problems with mailboxes.

 

When creating Email Profiles on the BDS for assigning to users so that during activation the ActiveSync configuration is pre-populated there is no Domain field for specifying an entry that will override the default behaviour. To make matters worse although Blackberry Management Studio shows the Domain field for a user under the Email Profile section if you edit the entry to correct the Domain and click Save the entry doesn't change, it stays as the Domain that the mailbox resides in.

 

This have given me a real dilemma when planning my live BES10 solution for the 40 Blackberry 10 phones my employer is about to purchase. There are only 2 workarounds I have found so far, the first being a poor user experience but from an IT point of view preferable to the second:

 

Workaround 1 (A PlayBook activation over WiFi is used for this example)

-------------------

 

When prompted for the password for the mailbox during device activation, Cancel the dialog box then go to Settings / Accounts, tap the newly created Work account which will be highlighted in red as the credentials are missing, enter the password for the user account normally used to access the mailbox (the one in the user account Forest NOT the disabled account in the Exchange Forest) then tap Advanced Settings, change the entry in the Domain field to the name of the Domain in the user account Forest then tap Save. The entry in the Accounts list should now go grey to indicate that it has the correct credentials to connect to the mailbox.

 

 

Workaround 2

-------------------

 

Install a BDS server in each of the user account Forests that you have in your AD organisation. This will mean that the unchangeable default behaviour will populate the Domain field with the correct Domain for accessing the mailbox during the ActiveSync setup part of device activation. HOWEVER, even though you could manage all devices on the multiple BDS servers  through a single Blackberry Management Studio console you would still have the cost of servers to host the multiple instances of BDS and the BDS database which all have to be managed and patched separately when your number of users may only technically require one BDS server. Very wasteful and a headache over time.

 

 

So Blackberry, can this design flaw in the ActiveSync setup during activation pleased be fixed so that we can override the default Domain that is pre-populated in to the ActiveSync settings? Ideally we should be able to specify a Domain name in an Email Profile that will override the default.

It makes me shake my head to myself when I find that the Universal Device Service for iOS and Android devices handles ActiveSync Profiles correctly and lets you specify exactly the Domain name you need for its activation process. You know, UDS, the 3rd party solution that you bought so that you could support iOS and Android as opposed to BDS the Mobile Fusion component that you designed for your own devices!

 

Looking forward to hearing some positive news on this soon,

 

Johnny

Enterprise SME
-BD-
Posts: 552
Registered: ‎05-15-2008
My Device: Z10

Re: Design flaw in BES10 BDS 6.2 when activating in a multi-AD Forest environment using ActiveSync Email Profiles

You can override the AD settings for an user through BAS.  Manage a user and edit their email profile.  There will be a field you can toggle on to override AD settings.  I've pointed my ActiveSync profile to a completely seperate user in a seperate forest before. 

Contributor
johnnyuk
Posts: 18
Registered: ‎02-03-2013
My Device: Z10, PlayBook 64GB, Curve 9380

Re: Design flaw in BES10 BDS 6.2 when activating in a multi-AD Forest environment using ActiveSync Email Profiles

Well that was a well hidden setting!!! But at least it works. Thanks for your help, the setting isn't mentioned in the BDS 6.2 Administration Guide.

 

It still leaves a problem with Blackberry Management Stuido though. If I have to manually edit a new user's email profile in the BAS for BDS then the BMS is useless for rolling out to support staff for creating new BDS users as when you try to edit the Domain in the Email Profile using BMS it doesn't save the change. Is this a bug or by design?!

 

This could all be so much simpler if the Email Profiles just contained a Domain field that would override the user's default settings. Then there wouldn't be a need to manually edit anything.

Forums Advisor I
oliwer
Posts: 581
Registered: ‎05-23-2008
My Device: BB10 and WiFi PB

Re: Design flaw in BES10 BDS 6.2 when activating in a multi-AD Forest environment using ActiveSync Email Profiles

We also have issues changing the Email Profile settings using the BDS Webservices (which is the same as using BMS).
I had a topic in the Dev Forum and BlackBerry said it will be fixed in a future version:
http://supportforums.blackberry.com/t5/BlackBerry-Enterprise-Server/BDS-BlackBerry-WebServices-Creat...
Contributor
johnnyuk
Posts: 18
Registered: ‎02-03-2013
My Device: Z10, PlayBook 64GB, Curve 9380

Re: Design flaw in BES10 BDS 6.2 when activating in a multi-AD Forest environment using ActiveSync Email Profiles

Thanks, I had read your post when searched for the problem before posting and was pretty sure it was being caused by the same lack of flexibility and functionality in the Email Profiles that I'm experiencing, just from a different point of view. Fingers crossed for a solution in an update for BDS soon.

Contributor
morser
Posts: 23
Registered: ‎12-14-2008
My Device: Z10, 9900 & Playbook 64GB

Re: Design flaw in BES10 BDS 6.2 when activating in a multi-AD Forest environment using ActiveSync Email Profiles

Thanks Johnnyuk for describing the problem.

 This is also affecting us. 

I noticed the need to override and manually populate the domain field with the User Forest last week, however I just noticed that the Management Studio does not properly write what you wish for in the Domain field, yet reverts it back to the Resource Forest.

 

I've submitted a case for both issues (separate cases), as I feel the urgency will not be noticed if we just wait for a fix.  cases will have weight. 

 

This is a big disappointment as we were planning on using the Management Studio for our Administrators to have one single interface for old and new BlackBerry devices.   Now this is not possible for us, at least at the moment.

 

 

Contributor
morser
Posts: 23
Registered: ‎12-14-2008
My Device: Z10, 9900 & Playbook 64GB

Re: Design flaw in BES10 BDS 6.2 when activating in a multi-AD Forest environment using ActiveSync Email Profiles

Contributor
johnnyuk
Posts: 18
Registered: ‎02-03-2013
My Device: Z10, PlayBook 64GB, Curve 9380

Re: Design flaw in BES10 BDS 6.2 when activating in a multi-AD Forest environment using ActiveSync Email Profiles

Yes I can confirm that this bug stopping changes to the Domain field in BlackBerry Management Studio from being saved is fixed in BDS 6.2 Maintenance Release 1.
Guru III
knottyrope
Posts: 30,785
Registered: ‎06-25-2008
My Device:

I'm rockin the BlackBerry Passport, Z30, Z10, Q10, BlackBerry Mini Stereo Speaker, 64 gig PlayBook, BlackBerry Wireless Headset HS-700

My Carrier: I am on AT&T. Please edit your Personal Profile with your DEVICE TYPE, DEVICE OS and Carrier

Re: Design flaw in BES10 BDS 6.2 when activating in a multi-AD Forest environment using ActiveSync Email Profiles

so is it now solved?

 




Click here to Backup the data on your BlackBerry Device! It's important, and FREE!


Click "Accept as Solution" if your problem is solved. To give thanks, click thumbs up
Click to search the Knowledge Base at BTSC and click to Read The Fabulous Manuals

BESAdmin's, please make a signature with your BES environment info.


SIM Free BlackBerry Unlocking FAQ
Follow me on Twitter @knottyrope


Want to thank me? Buy my KnottyRope App here


BES 12 and BES 5.0.4 with Exchange 2010 and SQL 2012 Hyper V


Contributor
morser
Posts: 23
Registered: ‎12-14-2008
My Device: Z10, 9900 & Playbook 64GB

Re: Design flaw in BES10 BDS 6.2 when activating in a multi-AD Forest environment using ActiveSync Email Profiles

Yes.  I tested it.   You can now change the values in Management Studio and they will save correctly.

 

However for a User Forest / Resource environment, you still cannot pre-populate the Domain field with the User account, which would be needed in that environment, but it can be manually changed.